myriad/myriad/manage.py

from flask import (
    Blueprint, flash, g, redirect, render_template, request, session, url_for, current_app
)
from werkzeug.utils import secure_filename
import os, uuid

from myriad.auth import login_required
from myriad.db import get_db

bp = Blueprint('manage', __name__, url_prefix='/manage')

@bp.route('/new', methods=('GET', 'POST'))
@login_required
def new():
    if request.method == 'POST':
        name = request.form['name']
        bio = request.form['bio']
        user_id = g.user[0]
        db = get_db()
        error = None

        if not name:
            error = 'Name is required.'

        if error is None:   
            db.execute(
                "INSERT INTO member (user_id, member_name, bio) VALUES (?, ?, ?)",
                (user_id, name, bio),

            )
            db.commit()
            return redirect(url_for('home.full_list'))
        
        return render_template('manage/new.html', error=error)
    
    return render_template('manage/new.html')

@bp.route("/edit/<mid>", methods=('GET', 'POST'))
@login_required
def edit(mid):
    db = get_db()
    member = db.execute("SELECT * FROM member WHERE id=(?)",(mid,)).fetchone()
    icons = db.execute("SELECT * FROM icons WHERE member_id=(?)",(mid,)).fetchall()

    if request.method == "POST":
        if "name" in request.form:
            name = request.form['name']
            bio = request.form['bio']
            subtitle = request.form['subtitle']
            db.execute("UPDATE member SET member_name=(?), bio=(?), subtitle=(?) WHERE id=(?)",(name, bio, subtitle, mid))
            db.commit()

        if "file" in request.files:
            # here we are just saving the uploaded file to the icons folder. 
            # we're not going hard on security because we expect there to only be 1 admin
            # but the filename will always be changed to a random string of numbers and letters known as uuid
            file = request.files["file"]
            filename = str(uuid.uuid4()) + "." + file.filename.split(".")[1]
            file.save(os.path.join(current_app.config["ICON_UPLOAD_FOLDER"], filename))
            db.execute("INSERT INTO icons (member_id, icon_location) VALUES (?, ?)", (mid, filename),)
            db.commit()

            # this specific chunk here is checking whether icons in the myriad/static/icons folder have a link in the database
            # in case the database was rebuilt, or something else happened, it is a waste of storage keeping an unlinked image
            icons = db.execute("SELECT * FROM icons").fetchall()
            icon_storage = os.listdir(current_app.config["ICON_UPLOAD_FOLDER"])
            for icon in icon_storage:
                in_database = False
                for i in icons:
                    print(i[2], icon)
                    if i[2] == icon:
                        in_database = True
                if not in_database:
                    os.remove(os.path.join(current_app.config["ICON_UPLOAD_FOLDER"], icon))

            # and now for the same in reverse - clean the database of references to images that don't exist
            for i in icons:
                in_storage = False
                print(i[2], i[0])
                if i[2] in icon_storage:
                    in_storage = True
                if not in_storage:
                    db.execute("DELETE FROM icons WHERE id=(?)", (i[0],),)
                    db.commit()

            # the above cleanup operations should be a button in the manage sidebar but for now they are here.

        if "c9" in request.form:
            c9 = request.form["c9"]
            c10 = request.form["c10"]
            c11 = request.form["c11"]
            c12 = request.form["c12"]
            c13 = request.form["c13"]
            c14 = request.form["c14"]
            c15 = request.form["c15"]
            c16 = request.form["c16"]
            #c17 = request.form["c17"]
            #c18 = request.form["c18"]
            #c19 = request.form["c19"]
            #c20 = request.form["c20"]
            c21 = request.form["c21"]
            c22 = request.form["c22"]

            db.execute("UPDATE member SET card_border=(?), card_bg=(?), heading_bg=(?), heading_border=(?), heading_name=(?), heading_subtitle=(?), card_text=(?), icon_border=(?), a1=(?), a2=(?) WHERE id=(?)",(c9, c10, c11, c12, c13, c14, c15, c16, c21, c22, mid))
            db.commit()


        member = db.execute("SELECT * FROM member WHERE id=(?)",(mid,)).fetchone()
        icons = db.execute("SELECT * FROM icons WHERE member_id=(?)",(mid,)).fetchall()
        return render_template("manage/edit.html", member=member, icons=icons)

    return render_template("manage/edit.html", member=member, icons=icons)

@bp.route("/set_main_icon/<mid>/<icon_id>")
@login_required
def set_main_icon(mid, icon_id):
    db = get_db()
    db.execute("UPDATE member SET main_icon=(?) WHERE id=(?)",(icon_id, mid))
    db.commit()

    return redirect(url_for("manage.edit", mid=mid))

@bp.route("/add_to_front/<mid>")
@login_required
def add_to_front(mid):
    db = get_db()
    db.execute("UPDATE member SET front=(?) WHERE id=(?)",(1, mid))
    db.commit()

    return redirect(url_for('home.full_list'))

@bp.route("/remove_front/<mid>")
@login_required
def remove_front(mid):
    db = get_db()
    db.execute("UPDATE member SET front=(?) WHERE id=(?)",(0, mid))
    db.commit()

    return redirect(url_for('home.full_list'))


@bp.route("/add_to_home/<mid>")
@login_required
def add_to_home(mid):
    db = get_db()
    db.execute("UPDATE member SET homepage=(?) WHERE id=(?)",(1, mid))
    db.commit()

    return redirect(url_for('home.full_list'))

@bp.route("/remove_home/<mid>")
@login_required
def remove_home(mid):
    db = get_db()
    db.execute("UPDATE member SET homepage=(?) WHERE id=(?)",(0, mid))
    db.commit()

    return redirect(url_for('home.full_list'))